diff options
| author | Peter Maydell <peter.maydell@linaro.org> | 2020-07-13 15:37:16 +0100 |
|---|---|---|
| committer | Peter Maydell <peter.maydell@linaro.org> | 2020-07-20 11:35:17 +0100 |
| commit | 3f410039b79c0468e18142c6ddfede6f6f7b0427 (patch) | |
| tree | fa67606bc26bf02720fcbb43757760d894b7e8ee /hw | |
| parent | cd07d7f9f5117954edd9a9bbd97b0442eecf5c49 (diff) | |
| download | qemu-3f410039b79c0468e18142c6ddfede6f6f7b0427.zip qemu-3f410039b79c0468e18142c6ddfede6f6f7b0427.tar.gz qemu-3f410039b79c0468e18142c6ddfede6f6f7b0427.tar.bz2 | |
hw/arm/armsse: Assert info->num_cpus is in-bounds in armsse_realize()
In armsse_realize() we have a loop over [0, info->num_cpus), which
indexes into various fixed-size arrays in the ARMSSE struct. This
confuses Coverity, which warns that we might overrun those arrays
(CID 1430326, 1430337, 1430371, 1430414, 1430430). This can't
actually happen, because the info struct is always one of the entries
in the armsse_variants[] array and num_cpus is either 1 or 2; we also
already assert in armsse_init() that num_cpus is not too large.
However, adding an assert to armsse_realize() like the one in
armsse_init() should help Coverity figure out that these code paths
aren't possible.
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Message-id: 20200713143716.9881-1-peter.maydell@linaro.org
Diffstat (limited to 'hw')
| -rw-r--r-- | hw/arm/armsse.c | 2 |
1 files changed, 2 insertions, 0 deletions
diff --git a/hw/arm/armsse.c b/hw/arm/armsse.c index 64fcab8..dcbff9b 100644 --- a/hw/arm/armsse.c +++ b/hw/arm/armsse.c @@ -452,6 +452,8 @@ static void armsse_realize(DeviceState *dev, Error **errp) return; } + assert(info->num_cpus <= SSE_MAX_CPUS); + /* max SRAM_ADDR_WIDTH: 24 - log2(SRAM_NUM_BANK) */ assert(is_power_of_2(info->sram_banks)); addr_width_max = 24 - ctz32(info->sram_banks); |